CN104811438A - Asynchronous hotlink protection method and system based on scheduling system - Google Patents
Asynchronous hotlink protection method and system based on scheduling system Download PDFInfo
- Publication number
- CN104811438A CN104811438A CN201510134511.7A CN201510134511A CN104811438A CN 104811438 A CN104811438 A CN 104811438A CN 201510134511 A CN201510134511 A CN 201510134511A CN 104811438 A CN104811438 A CN 104811438A
- Authority
- CN
- China
- Prior art keywords
- scheduling
- authentication server
- unique identifier
- authentication
- content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Abstract
The invention provides an asynchronous hotlink protection method and system based on a scheduling system. The method comprises that a client sends a request for scheduling information and judge right information to a scheduling and judge right server, and the scheduling and judge right server is arranged in the scheduling system, and can be used to schedule resource as well as judge right; the scheduling and judge right server returns a response to the client, the response includes the scheduling information and judge right information, and the judge right information includes an unique identifier; the client sends a content request to a content distribution network node, and the content request comprises the judge right information; the content distribution network node makes response to the content request to provide part of content resource, and sends a judge right request to the scheduling and judge right server; the scheduling and judge right server determines whether the unique identifier is registered online, if yes, the server controls the content distribution network node stops providing content service; and if no, the unique identifier is registered online.
Description
Technical field
The present invention relates to content distributing network, particularly relate to the Streaming Media anti-stealing link system for content distributing network and method.
Background technology
Current Streaming Media manufacturer is numerous, and the resource that they provide brings huge convenience to user, but this has an opportunity to take advantage of also to robber's chain person.Steal the resource that chain person placed other Streaming Media manufacturers on the website of oneself, by illegal link, usurp the video resource on vendor server, even make the bandwidth resources of Streaming Media manufacturer exhaust, server collapses.This is a kind of behavior of invading Streaming Media manufacturer interests and video copy, needs a kind of efficient system to hit it.
For content distributing network (CDN) environment, occurred multiple door chain scheme, but all there is drawback in these existing door chain schemes.
For the door chain scheme adopting video-encryption mode, usually cryptographic algorithm can be related to.But too simple cryptographic algorithm is tantamount to not encryption, and too complicated cryptographic algorithm brings difficulty can to the deciphering of player, and the difficulty and the hardware-dependent of player to user that increase exploitation are higher.Encrypted file may cause content distributing network to the None-identified of video file, parsing, the problem such as cause that file cannot be drawn.
For common some http door chains (as UA door chain, referer door chain), too simple, steal chain person and cross system of defense easily via constructing.
In addition, be all first judge for more existing anti-stealing link systems, rear clearance, if the server low-response made a decision like this, will cause Consumer's Experience bad.
Moreover the general generation system returning the ID of source authentication anti-stealing link system and right discriminating system are not united, and do not have the system of a formation closed loop, can reduce the difficulty of authentication like this, easily be cracked.
Therefore, need one badly and efficiently can hit the link of robber's chain, do not affect again the anti-stealing link system of user's body.
Summary of the invention
The object of this invention is to provide one and efficiently can hit the link of robber's chain, do not affect again the anti-stealing link system of user's body.The present invention, on the basis of http agreement, achieves and first allows user to access sub-fraction resource, and then judge whether this access is legitimate request, and then judges whether refusal request.Between user's request and server, this system is transparent, realizes user zero perception of Lawful access, has both taken into account the interests of manufacturer, and taken into account Consumer's Experience again.
The invention provides the asynchronous anti-stealing link method of a kind of single access based on dispatching patcher.Described method comprises:
Client sends to scheduling authentication server the request obtaining schedule information and authentication information, and wherein, described scheduling authentication server is arranged in described dispatching patcher, and described scheduling authentication server can carry out scheduling of resource can carry out authentication again;
Described scheduling authentication server returns response to described client, and described response comprises schedule information and authentication information, and wherein said authentication information comprises unique identifier;
Described client sends content requests subsequently to content delivery network node, and this content requests comprises authentication information;
Described content delivery network node, after receiving described content requests, responds described content requests to provide part content resource to described client, and sends the authentication request including described authentication information to described scheduling authentication server;
Described scheduling authentication server carries out authentication according to described authentication request, described authentication comprises and judges whether described unique identifier has registered online, if this unique identifier has been registered online, then content delivery network node described in the instruction of described scheduling authentication server has stopped providing content service; If this unique identifier is not registered online, then by online for described unique identifier registration.
In one embodiment, when described scheduling authentication server returns unique identifier to described client, described unique identifier is registered " existence " state, for judging whether the unique identifier comprised in the content requests that described client sends is that described scheduling authentication server oneself produces.
In one embodiment, before described scheduling authentication server judges whether described unique identifier has registered online, further comprising the steps of:
Described scheduling authentication server judges whether described unique identifier exists, and if there is no, then described scheduling authentication server issues to described content delivery network node the service of termination; If existed, then described scheduling authentication server judges whether described unique identifier has registered online.
In one embodiment, the connection of described authentication request remains long connection, to guarantee that the authenticating result that described scheduling authentication server issues can for the Media Stream arrived corresponding to described content requests.
In one embodiment, described content delivery network node responds described content requests with before providing part content resource to described client, further comprising the steps of:
Described content delivery network node, after receiving described content requests, is carried out local door chain judgement, is filtered for the content requests do not judged by local door chain.
Present invention also offers a kind of asynchronous anti-stealing link system based on dispatching patcher.This system comprises:
Client;
Scheduling authentication server, described scheduling authentication server is positioned to be dispatched authentication server and can carry out scheduling of resource and can carry out authentication again described in described dispatching patcher;
And content delivery network node;
Wherein:
Described client sends to scheduling authentication server the request obtaining schedule information and authentication information, described scheduling authentication server returns response to described client, described response comprises schedule information and authentication information, and wherein said authentication information comprises unique identifier;
Described client is after obtaining described authentication information, and send content requests to content delivery network node, this content requests comprises authentication information;
Described content delivery network node, after receiving described content requests, responds described content requests to provide part content resource to described client, and sends the authentication request including described authentication information to described scheduling authentication server;
Described scheduling authentication server carries out authentication according to described authentication request, described authentication comprises and judges whether described unique identifier has registered online, if this unique identifier has been registered online, then content delivery network node described in the instruction of described scheduling authentication server has stopped providing content service; If this unique identifier is not registered online, then by online for described unique identifier registration.
In one embodiment, when described scheduling authentication server is configured to return unique identifier to described client, described unique identifier is registered " existence " state, for judging whether the unique identifier comprised in the content requests that described client sends is that described scheduling authentication server oneself produces.
In one embodiment, described scheduling authentication server is before judging whether described unique identifier has registered online, judge whether described unique identifier exists, if there is no, then described scheduling authentication server issues to described content network node the service of termination; If existed, then described scheduling authentication server judges whether described unique identifier has registered online.
In one embodiment, the connection of described authentication request remains long connection, to guarantee that the authenticating result that described scheduling authentication server issues can for the Media Stream arrived corresponding to described content requests.
In one embodiment, described content delivery network node is after receiving described content requests and respond described content requests with before providing part content resource to described client, also local door chain judgement is carried out to described content requests, the content requests do not judged by local door chain is filtered.
Anti-stealing link method of the present invention and system have the following advantages:
(1) code structure in source server and service logic are without the need to making any change;
(2) player end needs initiation to include the request of timestamp, unique identification and general door chain information.
(3) system is made up of local CDN Edge Server, authentication server.
(4) CDN node does preliminary door chain judgement, allows response, and forward the request to authentication server by issuing CDN Edge Server afterwards.
(5) authentication server receives authentication request, judges, issues simultaneously and judge to CDN Edge Server.Last CDN Edge Server judges it is break in service according to authenticating result, or continues service.
(6) on the basis of dispatching patcher, set up unique identifier generation, registration, authentication mechanism, make system form a closed loop like this, raised the grade of difficulty of door chain.
Accompanying drawing explanation
Above summary of the invention of the present invention and embodiment below can be better understood when reading by reference to the accompanying drawings.It should be noted that, accompanying drawing is only as the example of claimed invention.In the accompanying drawings, identical Reference numeral represents same or similar element.
Fig. 1 illustrates of the prior art time source right discriminating system structure;
Fig. 2 illustrates the asynchronous anti-stealing link system block diagram of the single access based on dispatching patcher according to the present invention;
Fig. 3 illustrates the specific works flow diagram of the anti-stealing link system according to one embodiment of the invention.
Embodiment
Below detailed features of the present invention and advantage is described in a specific embodiment in detail, its content is enough to make any those skilled in the art understand technology contents of the present invention and implement according to this, and specification, claim and the accompanying drawing disclosed by this specification, those skilled in the art can understand the object and advantage that the present invention is correlated with easily.
Anti-stealing link system of the present invention is devoted to the interests protecting streaming media video manufacturer, hits the behavior of illegal robber's chain.On the basis of http agreement, achieve and first allow user to access sub-fraction resource, then judge whether this access is legitimate request, and then judge whether refusal request.This system is transparent between user's request and server, realizes user zero perception of Lawful access, has both taken into account the interests of manufacturer, and taken into account Consumer's Experience again.
The asynchronous anti-stealing link system of single access based on dispatching patcher of the present invention can effectively solve following technical problem:
(1) use system transfers of the present invention be without the need to encryption file, just can accomplish effective copyright protection.
(2) link is not easily imitated, and has regular hour stamp, and the life span of a link is general shorter.Have uniquely identified link for one, if be registered as online, other identical links all can be rejected.Having spent the rise time also can be rejected.
(3) can accomplish first to return to user's sub-fraction media resource, then judge whether request is feasible, takes into account Consumer's Experience and manufacturer's interests.
(4) on the basis of dispatching patcher, set up unique identifier generation, registration, authentication mechanism, system is made to form a closed loop like this, raised the grade of difficulty of door chain, unique identifier is a key in right discriminating system, only obtains the right that it could obtain continuous access.
Accompanying drawing is coordinated to be described in detail below.
Fig. 1 illustrates of the prior art time source right discriminating system structure.This system architecture is made up of client 101, dispatching patcher 102, authentication server 103, CDN node 104.Client 101 have sent the request that obtains schedule information and unique identifier and after obtaining response to dispatching patcher 102, content requests is sent to CDN node 104, CDN node 104 does not provide resource to client at once, but before response contents, first initiate authentication request to authentication server 103, according to the authenticating result of authentication server 103, CDN node 104 makes the response providing service or do not provide service.
Fig. 2 illustrates the asynchronous anti-stealing link system block diagram of the single access based on dispatching patcher according to the present invention.In one embodiment, this system comprises client 201, scheduling authentication server 202 and content distributing network (CDN) node 204.
This scheduling authentication server 202 is arranged in dispatching patcher.This scheduling authentication server 202 operation dispatching work can carry out authentication again.
Client 201 is before initiating content requests to CDN node 204, and first inquire (namely sending the request obtaining schedule information and authentication information) toward this scheduling authentication server 202, and obtain response, wherein this response comprises authentication information and schedule information.In one embodiment, this authentication information can comprise unique ID.This schedule information can comprise the domain name of the CDN node that user will access.While scheduling authentication server 202 sends above-mentioned response, this unique ID can be registered " existence " state.It is pointed out that because disabled user cannot send request to dispatching patcher therefore only have legal client could send request to scheduling authentication server 202.
Client, after acquisition authentication information and schedule information, initiates content requests to CDN node 204 (such as, Edge Server).In one embodiment, this content requests can be Streaming Media request.This content requests comprises authentication information.CDN node 204 (such as, Edge Server) is after receiving this content requests, and first respond to the certain resource of client, then initiate authentication request to this scheduling authentication server 202, wherein, this authentication request includes above-mentioned authentication information.This scheduling authentication server 202 carries out authentication to this authentication request, such as, judges whether this unique ID has existed and/or registered online, and returns authenticating result.CDN node 204, according to the authenticating result of this scheduling authentication server 202, makes the response continuing to provide service or interrupt flow.
Fig. 3 illustrates the specific works flow diagram of the anti-stealing link system according to one embodiment of the invention.
The CDN node of anti-stealing link system of the present invention can be configured according to domain name, and the granularity of configuration may diminish to by filename, or a certain class has the filename of identical rule.Such as: door chain judgement is carried out to all .exe .m3u8 under a same domain name.
Anti-stealing link system flow process of the present invention is as follows.
Step 301: client sends the first request to scheduling authentication server.This first request is the request obtaining schedule information and authentication information.
Step 302: scheduling authentication server to be dispatched client according to client ip and produced unique identifier (ID).
Step 303: scheduling authentication server customer in response end.This response comprises schedule information and authentication information.In one embodiment, this schedule information comprises the domain name of the CDN node that user will access.This authentication information comprises this unique identifier (ID).
Step 304: scheduling authentication server is while customer in response end, this unique identifier is registered " existence ", the object registering " existence " is, in authentication process afterwards, scheduling authentication server can be used for judging whether this ID is present in the ID list that scheduling authentication server oneself provides, and whether the ID that namely can be used for comprising in the content requests judging that client sends is the generation of scheduling authentication server oneself.
Step 305: client, after obtaining the authentication information comprising unique identifier, sends content requests (also known as the second request) to CDN node.In one embodiment, this second request can be Streaming Media request.Authentication information can be comprised in the second request that client is initiated.This authentication information comprises unique identifier, timestamp, client ip, redirect page information etc.This timestamp is the termination time of URL life cycle, or is the effective time of this unique identifier.In one embodiment, the specifying information of authentication information can be arranged by client and CDN node.Such as, authentication information can comprise containing encryption timestamp and unique identifier composition the redirect page information such as encryption string, unencryption timestamp, client ip, such as reference, etc.Authentication information can adopt the mode of encryption, also can not encrypt.The content of authentication information can be asked as the item of http request head, also can be carried in URL with the form of parameter, or can insert authentication information in URI.
Step 306: after receiving the second request, CDN node carries out local door chain judgement.Specifically, if the domain name corresponding to this CDN node has the configuration of door chain, then enter local simple door chain treatment mechanism.Such as: judge whether the URL asked is the IP allowing access; Judge that whether reference is correct.Local simple door chain can be tackled some and simply steal chain behavior, thus filters some illegal request, reduces the number of request mailing to scheduling authentication server, to alleviate the pressure of scheduling authentication server, improves response speed.This function can be opened, and also can select to close.
Step 307: if the second request have passed the local door chain of CDN node, then CDN node makes an immediate response the second request, and namely produce response flow 318 first, and send authentication request to scheduling authentication server, wherein, this authentication request includes above-mentioned authentication information.In one embodiment, CDN node can use the request method of POST to mail to scheduling authentication server the authentication informations such as timestamp and unique identifier (encrypt or do not encrypt).Now need to keep long to connect.Authentication information used herein can be any information of agreement, and CDN fringe node needs to provide corresponding configurable interface; POST request needs to keep length to connect to be need to be flowed by that road of authentication because will guarantee that the authenticating result of authentication server can find, and the judged result that also can use other recognition methodss that the authentication judging authentication server is issued here can for the URL to correspondence.
Scheduling authentication server carries out authentication information acquisition to the authentication request that CDN node is put forward, and enters authorizing procedure.This authorizing procedure can comprise the following steps.
Step 308: scheduling authentication server enabling decryption of encrypted string.If contain encryption string and unencrypted timestamp in authentication information, then dispatching authentication server can adopt the unencrypted timestamp in authentication information to verify the timestamp in encryption string, different both if verification finds, then issue CDN node, make its termination service 320.Otherwise enter step 309.If authentication information unencryption, then step 308 can be omitted.
The reason of this kind of verification mode is adopted to be owing to stealing timestamp in encryption string contained in request that chain person copies to and to steal the unencrypted timestamp (it is current that this encryption times stabs) that chain person oneself provides normally inconsistent, therefore, this kind of method can be adopted to verify.
Step 309: scheduling authentication server judges whether timestamp exceedes life span, if exceeded, then issues CDN node and stops service 320.Otherwise enter step 310.
Step 310: whether scheduling authentication server unique identity symbol is present in the ID list of this scheduling authentication server, if there is no, illustrate that the unique identifier that this user provides not is that scheduling authentication server provides, this user is disabled user, and scheduling authentication server issues CDN node and stops service 320.Otherwise, enter step 311.
Step 311: whether scheduling authentication server unique identity symbol has been registered as online, if this unique identifier has been registered online, then illustrate that this unique identifier has had validated user to register, active user is disabled user, therefore, dispatch authentication server and issue CDN node termination service 320.Otherwise, enter step 312.As can be seen from step 311, the present invention is the anti-stealing link system of " single access ", i.e. the same time, can only have a validated user access resources, after this validated user is registered as " online " state, any robber's chain person cannot visit again this resource.
Step 312: dispatch authentication server by this unique identifier (ID) for being registered as " online " state.
Step 313: authenticating result is issued to CDN node by scheduling authentication server, if authentication is passed through, then CDN node continues to provide content response to client 321.
It should be noted that scheduling authentication server checking procedure can basis and CDN node agreement rule carry out.The authentication information received is different, and corresponding method for authenticating is also different.
After the response of CDN node receiving scheduling authentication server, obtain authentication result information, and perform whether continue service according to authenticating result.Disconnect long connection simultaneously.Here authentication result information can be included in HTTP in front, such as conditional code and/or be included in body.The content of authentication result information can be simple conditional code 200,206,403 or be included in body, comprises the information such as refusal, speed limit.
CDN node returns in the exclude information of client, only can comprise conditional code, also can return state code+authentication mistake specifying information (being namely included in body).
As shown in the figure, a difference of the system architecture of Fig. 2 and Fig. 3 and the system architecture of Fig. 1 carries out in Fig. 2 and Fig. 3 dispatching and the server of authentication combines, and forms scheduling authentication server 202.This makes the generation of unique ID of server and authentication be all carry out in one, and this way has some advantage following at least.
First, the management of unique ID is facilitated.By some built-in check mechanism, anti-stealing link system can guarantee that unique ID is sent by scheduling AUC (such as: scheduling authentication server).For example, when authentication control centre produces a unique ID, this ID can be registered as " existence " state, provide the life span of unique ID, this life span is very short usually simultaneously.As robber's chain person oneself structure ID, owing to not being the ID that scheduling AUC is registered as " existence ", so be judged as illegal; If steal the URL (comprising ID) of the request that chain person copy client sends, if this time exceedes life span, also be illegal, if also do not exceed life span, at this moment normal users has initiated access, and ID is registered as online in fact, therefore also inaccessible, even if now normal users does not visit again, but this ID has been registered online, steals chain person and cannot steal chain at all.As can be seen here, unique ID can only be only used once, and cannot carry out robber's chain in the mode copying request.
Secondly, because the generation of unique ID and authentication are all from same place, therefore the composition rule of unique ID can change at any time, makes the content of authentication more flexible.Such as: when video producer finds that door chain has cracked decipherment algorithm, the cipher mode of unique ID can be changed immediately, also change manner of decryption simultaneously, these will carry out respectively before changing the action of encryption and decryption rule in dispatching patcher and authentication server, and only need now to have modified just in an assembly.The way that is separated with right discriminating system of middle ID generation system compared to existing technology, the generation of unique ID, registration, authentication unification transfer to dispatching patcher (scheduling authentication server) to carry out by anti-stealing link system of the present invention, form a closed loop, raise the difficulty registration of door chain.
Again, as can be seen from above-mentioned system architecture, anti-stealing link system of the present invention is the asynchronous anti-stealing link system of a single access.So-called " asynchronous " refers to that the present invention can accomplish first to provide user by sub-fraction media resource, then judges whether request is feasible.Compare traditional anti-stealing link system first judging to let pass afterwards, this way of the present invention neither affects the Consumer's Experience of validated user, also protects the interests of streaming media video manufacturer.
Here the term adopted and form of presentation are just for describing, and the present invention also should not be limited to these terms and statement.Use these terms and statement and do not mean that the equivalent features getting rid of any signal and description (or wherein part), will be appreciated that the various amendments that may exist also should be included in right.Other amendments, change and replacement also may exist.Accordingly, claim should be considered as covering all these equivalents.
Equally, it is to be noted, although the present invention describes with reference to current specific embodiment, but those of ordinary skill in the art will be appreciated that, above embodiment is only used to the present invention is described, change or the replacement of various equivalence also can be made, therefore, as long as all will drop in the scope of claims of the application the change of above-described embodiment, modification in spirit of the present invention when not departing from spirit of the present invention.
Claims (10)
1. based on an anti-stealing link method for dispatching patcher, it is characterized in that, described method comprises:
Client sends to scheduling authentication server the request obtaining schedule information and authentication information, and wherein, described scheduling authentication server is arranged in described dispatching patcher, and described scheduling authentication server can carry out scheduling of resource can carry out authentication again;
Described scheduling authentication server returns response to described client, and described response comprises schedule information and authentication information, and wherein said authentication information comprises unique identifier;
Described client sends content requests subsequently to content delivery network node, and this content requests comprises authentication information;
Described content delivery network node, after receiving described content requests, responds described content requests to provide part content resource to described client, and sends the authentication request including described authentication information to described scheduling authentication server;
Described scheduling authentication server carries out authentication according to described authentication request, described authentication comprises and judges whether described unique identifier has registered online, if this unique identifier has been registered online, then content delivery network node described in the instruction of described scheduling authentication server has stopped providing content service; If this unique identifier is not registered online, then by online for described unique identifier registration.
2. the method for claim 1, it is characterized in that, when described scheduling authentication server returns unique identifier to described client, described unique identifier is registered " existence " state, for judging whether the unique identifier comprised in the content requests that described client sends is that described scheduling authentication server oneself produces.
3. method as claimed in claim 2, is characterized in that, before described scheduling authentication server judges whether described unique identifier has registered online, further comprising the steps of:
Described scheduling authentication server judges whether described unique identifier exists, and if there is no, then described scheduling authentication server issues to described content delivery network node the service of termination; If existed, then described scheduling authentication server judges whether described unique identifier has registered online.
4. the method for claim 1, is characterized in that, the connection of described authentication request remains long connection, to guarantee that the authenticating result that described scheduling authentication server issues can for the Media Stream arrived corresponding to described content requests.
5. the method for claim 1, is characterized in that, described content delivery network node responds described content requests with before providing part content resource to described client, further comprising the steps of:
Described content delivery network node, after receiving described content requests, is carried out local door chain judgement, is filtered for the content requests do not judged by local door chain.
6., based on an asynchronous anti-stealing link system for dispatching patcher, it is characterized in that, comprising:
Client;
Scheduling authentication server, described scheduling authentication server is positioned to be dispatched authentication server and can carry out scheduling of resource and can carry out authentication again described in described dispatching patcher;
And content delivery network node;
Wherein:
Described client sends to scheduling authentication server the request obtaining schedule information and authentication information, described scheduling authentication server returns response to described client, described response comprises schedule information and authentication information, and wherein said authentication information comprises unique identifier;
Described client is after obtaining described authentication information, and send content requests to content delivery network node, this content requests comprises authentication information;
Described content delivery network node, after receiving described content requests, responds described content requests to provide part content resource to described client, and sends the authentication request including described authentication information to described scheduling authentication server;
Described scheduling authentication server carries out authentication according to described authentication request, described authentication comprises and judges whether described unique identifier has registered online, if this unique identifier has been registered online, then content delivery network node described in the instruction of described scheduling authentication server has stopped providing content service; If this unique identifier is not registered online, then by online for described unique identifier registration.
7. method as claimed in claim 6, it is characterized in that, when described scheduling authentication server is configured to return unique identifier to described client, described unique identifier is registered " existence " state, for judging whether the unique identifier comprised in the content requests that described client sends is that described scheduling authentication server oneself produces.
8. method as claimed in claim 7, it is characterized in that, described scheduling authentication server is before judging whether described unique identifier has registered online, judge whether described unique identifier exists, if there is no, then described scheduling authentication server issues to described content network node the service of termination; If existed, then described scheduling authentication server judges whether described unique identifier has registered online.
9. method as claimed in claim 6, is characterized in that, the connection of described authentication request remains long connection, to guarantee that the authenticating result that described scheduling authentication server issues can for the Media Stream arrived corresponding to described content requests.
10. method as claimed in claim 6, it is characterized in that, described content delivery network node is after receiving described content requests and respond described content requests with before providing part content resource to described client, also local door chain judgement is carried out to described content requests, the content requests do not judged by local door chain is filtered.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510134511.7A CN104811438B (en) | 2015-03-26 | 2015-03-26 | Asynchronous anti-stealing link method and system based on scheduling system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510134511.7A CN104811438B (en) | 2015-03-26 | 2015-03-26 | Asynchronous anti-stealing link method and system based on scheduling system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104811438A true CN104811438A (en) | 2015-07-29 |
| CN104811438B CN104811438B (en) | 2018-01-23 |
Family
ID=53695932
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510134511.7A Active CN104811438B (en) | 2015-03-26 | 2015-03-26 | Asynchronous anti-stealing link method and system based on scheduling system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104811438B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357190A (en) * | 2015-10-26 | 2016-02-24 | 网宿科技股份有限公司 | Method and system for performing authentication on access request |
| CN105871982A (en) * | 2015-12-07 | 2016-08-17 | 乐视云计算有限公司 | Content pushing method, device and system |
| CN106254906A (en) * | 2016-08-09 | 2016-12-21 | 亦非云互联网技术(上海)有限公司 | A kind of net cast HLS anti-stealing link method and system |
| CN106453305A (en) * | 2016-10-10 | 2017-02-22 | 传线网络科技(上海)有限公司 | Member live broadcast link stealing prevention method and device, and network server |
| CN106453328A (en) * | 2016-10-18 | 2017-02-22 | 乐视控股(北京)有限公司 | Publishing method for live broadcast video file, publishing client and edge streaming media server |
| CN109379344A (en) * | 2018-09-27 | 2019-02-22 | 网宿科技股份有限公司 | The method for authenticating and authentication server of access request |
| CN109391686A (en) * | 2018-09-27 | 2019-02-26 | 网宿科技股份有限公司 | The processing method and CDN node server of access request |
| CN110365688A (en) * | 2019-07-19 | 2019-10-22 | 湖南快乐阳光互动娱乐传媒有限公司 | Anti-stealing link method and device |
| CN110740353A (en) * | 2018-07-20 | 2020-01-31 | 北京优酷科技有限公司 | Request identification method and device |
| CN111245774A (en) * | 2018-11-29 | 2020-06-05 | 阿里巴巴集团控股有限公司 | Resource request processing method, device and system |
| CN112953986A (en) * | 2019-12-10 | 2021-06-11 | 华为技术有限公司 | Management method and device for edge application |
| CN113973236A (en) * | 2020-07-24 | 2022-01-25 | 中国移动通信集团浙江有限公司 | Anti-hotlinking method and device for video service, computing equipment and storage medium |
| CN114500067A (en) * | 2022-02-09 | 2022-05-13 | 厦门元屿安科技有限公司 | Asynchronous attack anti-theft chain method and system based on CDN edge computing network |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997822A (en) * | 2009-08-26 | 2011-03-30 | 中国移动通信集团公司 | Streaming media content delivery method, system and equipment |
| CN102546579A (en) * | 2010-12-31 | 2012-07-04 | 北大方正集团有限公司 | Method, device and system used for providing system resources |
| US20130229951A1 (en) * | 2009-01-28 | 2013-09-05 | Headwater Partners I Llc | Automated device provisioning and activation |
| CN103986735A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| CN104283845A (en) * | 2013-07-03 | 2015-01-14 | 中国电信股份有限公司 | Hotlink protecting method and system, CDN server and client side |
-
2015
- 2015-03-26 CN CN201510134511.7A patent/CN104811438B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130229951A1 (en) * | 2009-01-28 | 2013-09-05 | Headwater Partners I Llc | Automated device provisioning and activation |
| CN101997822A (en) * | 2009-08-26 | 2011-03-30 | 中国移动通信集团公司 | Streaming media content delivery method, system and equipment |
| CN102546579A (en) * | 2010-12-31 | 2012-07-04 | 北大方正集团有限公司 | Method, device and system used for providing system resources |
| CN104283845A (en) * | 2013-07-03 | 2015-01-14 | 中国电信股份有限公司 | Hotlink protecting method and system, CDN server and client side |
| CN103986735A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
Non-Patent Citations (1)
| Title |
|---|
| 杨明,郭树培: "基于分布式应用的安全策略管理框架模型", 《电信技术》 * |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357190A (en) * | 2015-10-26 | 2016-02-24 | 网宿科技股份有限公司 | Method and system for performing authentication on access request |
| CN105357190B (en) * | 2015-10-26 | 2018-12-07 | 网宿科技股份有限公司 | The method and system of access request authentication |
| CN105871982A (en) * | 2015-12-07 | 2016-08-17 | 乐视云计算有限公司 | Content pushing method, device and system |
| WO2017096886A1 (en) * | 2015-12-07 | 2017-06-15 | 乐视控股(北京)有限公司 | Content pushing method, apparatus and system |
| CN106254906A (en) * | 2016-08-09 | 2016-12-21 | 亦非云互联网技术(上海)有限公司 | A kind of net cast HLS anti-stealing link method and system |
| CN106453305A (en) * | 2016-10-10 | 2017-02-22 | 传线网络科技(上海)有限公司 | Member live broadcast link stealing prevention method and device, and network server |
| CN106453328A (en) * | 2016-10-18 | 2017-02-22 | 乐视控股(北京)有限公司 | Publishing method for live broadcast video file, publishing client and edge streaming media server |
| CN110740353A (en) * | 2018-07-20 | 2020-01-31 | 北京优酷科技有限公司 | Request identification method and device |
| CN109391686A (en) * | 2018-09-27 | 2019-02-26 | 网宿科技股份有限公司 | The processing method and CDN node server of access request |
| CN109379344A (en) * | 2018-09-27 | 2019-02-22 | 网宿科技股份有限公司 | The method for authenticating and authentication server of access request |
| CN109391686B (en) * | 2018-09-27 | 2022-04-12 | 网宿科技股份有限公司 | Processing method of access request and CDN node server |
| CN111245774A (en) * | 2018-11-29 | 2020-06-05 | 阿里巴巴集团控股有限公司 | Resource request processing method, device and system |
| CN111245774B (en) * | 2018-11-29 | 2023-09-26 | 阿里巴巴集团控股有限公司 | Resource request processing method, device and system |
| CN110365688A (en) * | 2019-07-19 | 2019-10-22 | 湖南快乐阳光互动娱乐传媒有限公司 | Anti-stealing link method and device |
| CN110365688B (en) * | 2019-07-19 | 2022-06-07 | 湖南快乐阳光互动娱乐传媒有限公司 | Anti-stealing-link method and device |
| CN112953986A (en) * | 2019-12-10 | 2021-06-11 | 华为技术有限公司 | Management method and device for edge application |
| CN112953986B (en) * | 2019-12-10 | 2024-03-12 | 华为云计算技术有限公司 | Edge application management method and device |
| CN113973236A (en) * | 2020-07-24 | 2022-01-25 | 中国移动通信集团浙江有限公司 | Anti-hotlinking method and device for video service, computing equipment and storage medium |
| CN113973236B (en) * | 2020-07-24 | 2023-09-19 | 中国移动通信集团浙江有限公司 | Anti-hotlinking method and device for video service, computing equipment and storage medium |
| CN114500067A (en) * | 2022-02-09 | 2022-05-13 | 厦门元屿安科技有限公司 | Asynchronous attack anti-theft chain method and system based on CDN edge computing network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104811438B (en) | 2018-01-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104811438A (en) | Asynchronous hotlink protection method and system based on scheduling system | |
| EP2723033B1 (en) | Token-based validation for segmented content delivery | |
| US11888989B2 (en) | Methods and systems for key generation | |
| US10979468B2 (en) | Limiting key request rates for streaming media | |
| US8359392B2 (en) | System and method for securely communicating on-demand content from closed network to dedicated devices, and for compiling content usage data in closed network securely communicating content to dedicated devices | |
| CN104113534B (en) | The login system and method for application APP | |
| CN105103488B (en) | By the policy Enforcement of associated data | |
| CN103189872B (en) | Safety in networked environment and the effectively method and apparatus of Content Selection | |
| CN105357190B (en) | The method and system of access request authentication | |
| CN105743638B (en) | Method based on B/S architecture system client authorization certifications | |
| US20190370483A1 (en) | Data Protection Method and System | |
| CN103997681B (en) | Net cast is carried out to method and the system thereof of door chain process | |
| CN103229181A (en) | Protecting websites and website users by obscuring URLs | |
| CN107613316B (en) | Live network push stream verification method and system | |
| CN105704139A (en) | RTMP protocol-based streaming media service user authentication method | |
| CN106101133A (en) | A kind of method and system of Streaming Media door chain | |
| CN105491058B (en) | API access distributed authorization method and system | |
| WO2016091394A1 (en) | Secure media player | |
| CN109873819A (en) | A kind of method and system preventing unauthorized access server | |
| WO2007078037A1 (en) | Web page protection method employing security appliance and set-top box having the security appliance built therein | |
| CN109510710A (en) | A kind of response method and system of service request | |
| US20160261567A1 (en) | Computer implemented system and method for ahead-of-time delivery of electronic content | |
| KR100741144B1 (en) | Apparatus and method for preventing of reprinting digital contents | |
| CN111602380A (en) | Method and system for identifying a user terminal for receiving streaming protected multimedia content | |
| KR20140004703A (en) | Controlled security domains |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |